JMX enabled Java application appears to open a random high order port when JMX client connects

9
votes

JMX enabled Java application appears to open a random high order port when JMX client connects

I have successfully configured a helloworld JMX enabled program, and I can connect to it using jconsole JMX client from a remote location.

When I attempt to turn on iptables I noticed that a random high order port is established when a client logs in. Eventually I would like to monitor Java applications in firewall segregated network segments. Can we control the range the random port opens in?

I'll move this question to serverfault.com if suggested.

5
javarandomportjmxfirewall
The port is established on client or server? If on client I suppose it's the client port bound to the server port...home
Interesting question you pose. The JMX client connects to the JMX server over a port defined by the server. After this happens another (random?) port opens and is used to communicate.user221014
So this port is on the client or on the server?home
This random port opens on the server hosting the JMX enabled application (server)user221014

5 Answers

7
votes

Since Java 7u25 the RMI port can be changed with a system property:

-Dcom.sun.management.jmxremote.rmi.port=1234

See this answer for details.

4
votes

It's possible to control the port used by RMI. See: http://olegz.wordpress.com/2009/03/23/jmx-connectivity-through-the-firewall/

This requires code and a command-line parameter. There's no way that I know of to do this without code (though the code can obviously be packaged in a different jar).

0
votes

Random third port seems to be expected behavior https://bugs.openjdk.java.net/browse/JDK-8035404

0
votes

by the way, this third ephemeral port can be controlled too - https://www.paybackblog.de/java-jmx-how-to-finally-control-your-ports/

0
votes

A workaround is to set the RMI port the same as the JMX port; then only that one port needs to be open on the Firewall.

For example:

-Dcom.sun.management.jmxremote.port=8989
-Dcom.sun.management.jmxremote.rmi.port=8989

See Why Java opens 3 ports when JMX is configured?